From 57ab3c7ca05d853579956c755b8456e9eed6c459 Mon Sep 17 00:00:00 2001
From: Riya Mehta
Date: Mon, 9 Dec 2024 15:44:38 -0800
Subject: [PATCH 1/3] fix: JSON parsing of S2A addresses.
---
 .../com/google/auth/oauth2/OAuth2Utils.java | 4 +--
 .../auth/oauth2/SecureSessionAgent.java | 26 ++++++++++++++++---
 .../oauth2/MockMetadataServerTransport.java | 4 +--
 3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java b/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java
index 8c1e80096..03470ce10 100644
--- a/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java
+++ b/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java
@@ -97,8 +97,8 @@ class OAuth2Utils {
 static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
- private static String VALUE_NOT_FOUND_MESSAGE = "%sExpected value %s not found.";
- private static String VALUE_WRONG_TYPE_MESSAGE = "%sExpected %s value %s of wrong type.";
+ static final String VALUE_NOT_FOUND_MESSAGE = "%sExpected value %s not found.";
+ static final String VALUE_WRONG_TYPE_MESSAGE = "%sExpected %s value %s of wrong type.";
 static final String BEARER_PREFIX = AuthHttpConstants.BEARER + " ";
diff --git a/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java b/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
index 69f526353..aa00e3022 100644
--- a/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
+++ b/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
@@ -45,6 +45,7 @@ import java.io.InputStream;
 import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.ServiceLoader;
 import java.util.Set;
 import javax.annotation.concurrent.ThreadSafe;
@@ -59,6 +60,7 @@
 */
 @ThreadSafe
 public class SecureSessionAgent {
+ static final String S2A_JSON_KEY = "s2a";
 static final String S2A_PLAINTEXT_ADDRESS_JSON_KEY = "plaintext_address";
 static final String S2A_MTLS_ADDRESS_JSON_KEY = "mtls_address";
 static final String S2A_CONFIG_ENDPOINT_POSTFIX =
@@ -190,15 +192,14 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
 String mtlsS2AAddress = "";
 try {
 plaintextS2AAddress =
- OAuth2Utils.validateString(responseData, S2A_PLAINTEXT_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
+ validateString(responseData, S2A_PLAINTEXT_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
 } catch (IOException ignore) {
 /*
 * Do not throw error because of parsing error, just leave the address as empty in {@link SecureSessionAgentConfig}.
 */
 }
 try {
- mtlsS2AAddress =
- OAuth2Utils.validateString(responseData, S2A_MTLS_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
+ mtlsS2AAddress = validateString(responseData, S2A_MTLS_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
 } catch (IOException ignore) {
 /*
 * Do not throw error because of parsing error, just leave the address as empty in {@link SecureSessionAgentConfig}.
@@ -210,4 +211,23 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
 .setMtlsAddress(mtlsS2AAddress)
 .build();
 }
+
+ private static String validateString(Map map, String key, String errorPrefix)
+ throws IOException {
+ Object value = map.get(S2A_JSON_KEY);
+ if (value == null) {
+ throw new IOException(
+ String.format(OAuth2Utils.VALUE_NOT_FOUND_MESSAGE, errorPrefix, S2A_JSON_KEY));
+ }
+ if (!(value instanceof Map)) {
+ throw new IOException(
+ String.format(OAuth2Utils.VALUE_WRONG_TYPE_MESSAGE, errorPrefix, "Map", S2A_JSON_KEY));
+ }
+ Object address = ((Map) value).get(key);
+ if (!(address instanceof String)) {
+ throw new IOException(
+ String.format(OAuth2Utils.VALUE_WRONG_TYPE_MESSAGE, errorPrefix, "string", key));
+ }
+ return (String) address;
+ }
 }
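Review bot: In the new `validateString` helper, a missing address key is reported as a wrong type rather than as not found: `get(key)` returns null for an absent key and `!(address instanceof String)` is true for null, so the `VALUE_WRONG_TYPE_MESSAGE` branch fires. A null check before the type check, `if (address == null) { throw new IOException(String.format(OAuth2Utils.VALUE_NOT_FOUND_MESSAGE, errorPrefix, key)); }`, would keep the two failure modes distinct, as the helper already does for the `s2a` object itself. The helper also shares its name with `OAuth2Utils.validateString` while reading from a nested object, so a one-line Javadoc such as `/** Reads {@code key} from the nested "s2a" object of the metadata response. */` would make the difference visible. Both visible callers swallow the `IOException`, so the message only matters if it is ever logged or surfaced.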
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java
index bbff66e04..0cc99a7ee 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java
@@ -300,9 +300,7 @@ public LowLevelHttpResponse execute() throws IOException {
 GenericJson content = new GenericJson();
 content.setFactory(OAuth2Utils.JSON_FACTORY);
 if (requestStatusCode == 200) {
- for (Map.Entry entrySet : s2aContentMap.entrySet()) {
- content.put(entrySet.getKey(), entrySet.getValue());
- }
+ content.put("s2a", s2aContentMap);
 }
 String contentText = content.toPrettyString();
From f98b1ba4c360d50139f7eeaa6fda42cf3401b27f Mon Sep 17 00:00:00 2001
From: Riya Mehta
Date: Tue, 10 Dec 2024 10:07:16 -0800
Subject: [PATCH 2/3] extract extra parsing logic to calling method.
---
 .../com/google/auth/oauth2/OAuth2Utils.java | 4 +--
 .../auth/oauth2/SecureSessionAgent.java | 35 ++++++++-----------
 2 files changed, 16 insertions(+), 23 deletions(-)
diff --git a/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java b/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java
index 03470ce10..8c1e80096 100644
--- a/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java
+++ b/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java
@@ -97,8 +97,8 @@ class OAuth2Utils {
 static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
- static final String VALUE_NOT_FOUND_MESSAGE = "%sExpected value %s not found.";
- static final String VALUE_WRONG_TYPE_MESSAGE = "%sExpected %s value %s of wrong type.";
+ private static String VALUE_NOT_FOUND_MESSAGE = "%sExpected value %s not found.";
+ private static String VALUE_WRONG_TYPE_MESSAGE = "%sExpected %s value %s of wrong type.";
 static final String BEARER_PREFIX = AuthHttpConstants.BEARER + " ";
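Review bot: The revert in `OAuth2Utils` restores `VALUE_NOT_FOUND_MESSAGE` and `VALUE_WRONG_TYPE_MESSAGE` as `private static String` without `final`, so the two format strings are reassignable fields rather than constants. Nothing on the visible lines writes to them, and the first patch of this series had already declared them `final`. `private static final String VALUE_NOT_FOUND_MESSAGE = "%sExpected value %s not found.";`, and the same for the wrong-type message, keeps the private visibility this patch restores.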
diff --git a/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java b/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
index aa00e3022..d776cb1e3 100644
--- a/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
+++ b/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
@@ -190,16 +190,28 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
 String plaintextS2AAddress = "";
 String mtlsS2AAddress = "";
+ Object s2aAddressConfig = responseData.get(S2A_JSON_KEY);
+ if (s2aAddressConfig == null) {
+ /*
+ * Return empty addresses in {@link SecureSessionAgentConfig} if endpoint doesn't return anything.
+ */
+ return SecureSessionAgentConfig.createBuilder().build();
+ }
 try {
 plaintextS2AAddress =
- validateString(responseData, S2A_PLAINTEXT_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
+ OAuth2Utils.validateString(
+ (Map) s2aAddressConfig,
+ S2A_PLAINTEXT_ADDRESS_JSON_KEY,
+ PARSE_ERROR_S2A);
 } catch (IOException ignore) {
 /*
 * Do not throw error because of parsing error, just leave the address as empty in {@link SecureSessionAgentConfig}.
 */
 }
 try {
- mtlsS2AAddress = validateString(responseData, S2A_MTLS_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
+ mtlsS2AAddress =
+ OAuth2Utils.validateString(
+ (Map) s2aAddressConfig, S2A_MTLS_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
 } catch (IOException ignore) {
 /*
 * Do not throw error because of parsing error, just leave the address as empty in {@link SecureSessionAgentConfig}.
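Review bot: The `(Map) s2aAddressConfig` casts in `getSecureSessionAgentConfigFromMDS` have no type check in front of them, so a metadata response whose `s2a` value is present but not a JSON object raises `ClassCastException`, which the surrounding `catch (IOException ignore)` blocks do not catch. The helper this patch removes turned that case into an `IOException`, so malformed input left both addresses empty; now it would propagate out of the method unless a caller outside the hunk handles it. Replacing the null test with `if (!(s2aAddressConfig instanceof Map)) { return SecureSessionAgentConfig.createBuilder().build(); }` covers both the null and the wrong-type case. The same unchecked cast is carried into the `-190,7 +190,7` hunk of patch 3/3, where `Map s2aAddressConfig = (Map) responseData.get(S2A_JSON_KEY);` is not inside either of the try blocks shown. The method body starts and ends outside this hunk.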
@@ -211,23 +223,4 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
 .setMtlsAddress(mtlsS2AAddress)
 .build();
 }
-
- private static String validateString(Map map, String key, String errorPrefix)
- throws IOException {
- Object value = map.get(S2A_JSON_KEY);
- if (value == null) {
- throw new IOException(
- String.format(OAuth2Utils.VALUE_NOT_FOUND_MESSAGE, errorPrefix, S2A_JSON_KEY));
- }
- if (!(value instanceof Map)) {
- throw new IOException(
- String.format(OAuth2Utils.VALUE_WRONG_TYPE_MESSAGE, errorPrefix, "Map", S2A_JSON_KEY));
- }
- Object address = ((Map) value).get(key);
- if (!(address instanceof String)) {
- throw new IOException(
- String.format(OAuth2Utils.VALUE_WRONG_TYPE_MESSAGE, errorPrefix, "string", key));
- }
- return (String) address;
- }
 }
From 8c39dcb800af5645d154c014345257c99b2e358b Mon Sep 17 00:00:00 2001
From: Riya Mehta
Date: Tue, 10 Dec 2024 14:26:34 -0800
Subject: [PATCH 3/3] cast once + use defined constant.
---
 .../java/com/google/auth/oauth2/SecureSessionAgent.java | 9 +++------
 .../google/auth/oauth2/MockMetadataServerTransport.java | 2 +-
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java b/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
index d776cb1e3..f39936a31 100644
--- a/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
+++ b/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
@@ -190,7 +190,7 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
 String plaintextS2AAddress = "";
 String mtlsS2AAddress = "";
- Object s2aAddressConfig = responseData.get(S2A_JSON_KEY);
+ Map s2aAddressConfig = (Map) responseData.get(S2A_JSON_KEY);
 if (s2aAddressConfig == null) {
 /*
 * Return empty addresses in {@link SecureSessionAgentConfig} if endpoint doesn't return anything.
@@ -200,9 +200,7 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
 try {
 plaintextS2AAddress =
 OAuth2Utils.validateString(
- (Map) s2aAddressConfig,
- S2A_PLAINTEXT_ADDRESS_JSON_KEY,
- PARSE_ERROR_S2A);
+ s2aAddressConfig, S2A_PLAINTEXT_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
 } catch (IOException ignore) {
 /*
 * Do not throw error because of parsing error, just leave the address as empty in {@link SecureSessionAgentConfig}.
@@ -210,8 +208,7 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
 }
 try {
 mtlsS2AAddress =
- OAuth2Utils.validateString(
- (Map) s2aAddressConfig, S2A_MTLS_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
+ OAuth2Utils.validateString(s2aAddressConfig, S2A_MTLS_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
 } catch (IOException ignore) {
 /*
 * Do not throw error because of parsing error, just leave the address as empty in {@link SecureSessionAgentConfig}.
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java
index 0cc99a7ee..de80c1537 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java
@@ -300,7 +300,7 @@ public LowLevelHttpResponse execute() throws IOException {
 GenericJson content = new GenericJson();
 content.setFactory(OAuth2Utils.JSON_FACTORY);
 if (requestStatusCode == 200) {
- content.put("s2a", s2aContentMap);
+ content.put(SecureSessionAgent.S2A_JSON_KEY, s2aContentMap);
 }
 String contentText = content.toPrettyString();